Wireless Network Security Spring 2014

Similar documents
Wireless Network Security Spring 2012

Wireless Network Security Spring 2015

Wireless Network Security Spring 2016

Wireless Network Security Spring 2016

Jamming Wireless Networks: Attack and Defense Strategies

Wireless Sensor Networks

DEEJAM: Defeating Energy-Efficient Jamming in IEEE based Wireless Networks

Wireless Network Security Spring 2016

Wireless Network Security Spring 2015

Wireless Network Security Spring 2015

Security in Sensor Networks. Written by: Prof. Srdjan Capkun & Others Presented By : Siddharth Malhotra Mentor: Roland Flury

Keeping Your Eyes Peeled: Sensing-Driven Feedback- Computing for Network Security

USD-FH: Jamming-resistant Wireless Communication using Frequency Hopping with Uncoordinated Seed Disclosure

Jamming-resistant Key Establishment using Uncoordinated Frequency Hopping

An Effective Defensive Node against Jamming Attacks in Sensor Networks

Lightweight Decentralized Algorithm for Localizing Reactive Jammers in Wireless Sensor Network

Jamming-resistant Broadcast Communication without Shared Keys

Channel Surfing and Spatial Retreats: Defenses against Wireless Denial of Service

Wireless Network Security Spring 2011

ANTI-JAMMING PERFORMANCE OF COGNITIVE RADIO NETWORKS. Xiaohua Li and Wednel Cadeau

Prevention of Selective Jamming Attack Using Cryptographic Packet Hiding Methods

UNDERSTANDING AND MITIGATING

Lecture 7: Centralized MAC protocols. Mythili Vutukuru CS 653 Spring 2014 Jan 27, Monday

Avoid Impact of Jamming Using Multipath Routing Based on Wireless Mesh Networks

Randomized Channel Hopping Scheme for Anti-Jamming Communication

LOCALIZATION AND ROUTING AGAINST JAMMERS IN WIRELESS NETWORKS

Analysis and Optimization on Jamming-resistant Collaborative Broadcast in Large-Scale Networks

Jamming Attacks with its Various Techniques and AODV in Wireless Networks

Understanding and Mitigating the Impact of Interference on Networks. By Gulzar Ahmad Sanjay Bhatt Morteza Kheirkhah Adam Kral Jannik Sundø

Mitigation of Periodic Jamming in a Spread Spectrum System by Adaptive Filter Selection

Detection and Prevention of Physical Jamming Attacks in Vehicular Environment

Multiple Access Schemes

Increasing Broadcast Reliability for Vehicular Ad Hoc Networks. Nathan Balon and Jinhua Guo University of Michigan - Dearborn

ANTI-JAMMING BROADCAST COMMUNICATION USING UNCOORDINATED FREQUENCY HOPPING

Trust Based Suspicious Route Categorization for Wireless Networks and its Applications to Physical Layer Attack S. RAJA RATNA 1, DR. R.

Wireless Networks (PHY): Design for Diversity

SPREAD SPECTRUM (SS) SIGNALS FOR DIGITAL COMMUNICATIONS

Defending DSSS-based Broadcast Communication against Insider Jammers via Delayed Seed-Disclosure

Spread Spectrum Modulation

Lecture LTE (4G) -Technologies used in 4G and 5G. Spread Spectrum Communications

Multiple Receiver Strategies for Minimizing Packet Loss in Dense Sensor Networks

Multiple Access Techniques for Wireless Communications

Performance Evaluation of AODV, DSDV and DSR or Avoiding Selective Jamming Attacks in WLAN

/13/$ IEEE

Achieving Network Consistency. Octav Chipara

Multiple Access System

Vulnerability modelling of ad hoc routing protocols a comparison of OLSR and DSR

Anti-Jamming: A Study

Why (Special Agent) Johnny (Still) Can t Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System

Medium Access Control

IJSER 1. INTRODUCTION 2. ANALYSIS

Interleaving And Channel Encoding Of Data Packets In Wireless Communications

Wireless ad hoc networks. Acknowledgement: Slides borrowed from Richard Y. Yale

The Pennsylvania State University The Graduate School COMPROMISE-RESILIENT ANTI-JAMMING COMMUNICATION IN WIRELESS SENSOR NETWORKS

An Opportunistic Frequency Channels Selection Scheme for Interference Minimization

Jamming-resistant Broadcast Communication without Shared Keys

Background: Cellular network technology

Partial overlapping channels are not damaging

c 2013 Sang-Yoon Chang

Power Napping with Loud Neighbors: Optimal Energy-Constrained Jamming and Anti-Jamming

CS434/534: Topics in Networked (Networking) Systems

Cognitive Wireless Network : Computer Networking. Overview. Cognitive Wireless Networks

THE ever increasing demand of spectrum for wireless

IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 24, NO. 2, APRIL Sang-Yoon Chang, Member, IEEE, Yih-ChunHu, Member, IEEE, and Nicola Laurenti

IFH SS CDMA Implantation. 6.0 Introduction

Book Title: XXXXXXXXXXXXXXXXXXXXXXXXXX. Editors

A Routing Approach to Jamming Effects Mitigation in Wireless Multihop Networks. by Umang Sureshbhai Patel

Using Channel Hopping to Increase Resilience to Jamming Attacks

Defending Wireless Sensor Networks from Radio Interference through Channel Adaptation

Spread Spectrum: Definition

Robust Key Establishment in Sensor Networks

Cryptography Based Method for Preventing Jamming Attacks in Wireless Network Ms. Bhoomi Patel 1

Performance Analysis of DSSS and FHSS Techniques over AWGN Channel

Denial of Service Attacks in Wireless Networks: The case of Jammers

ZigBee Propagation Testing

ISSN Vol.06,Issue.09, October-2014, Pages:

Towards Self-Healing Smart Grid via Intelligent Local Controller Switching under Jamming

Medium Access Control. Wireless Networks: Guevara Noubir. Slides adapted from Mobile Communications by J. Schiller

Cooperation in Random Access Wireless Networks

M2M massive wireless access: challenges, research issues, and ways forward

Thwarting Control-Channel Jamming Attacks from Inside Jammers

Outline. Wireless Networks (PHY): Design for Diversity. Admin. Outline. Page 1. Recap: Impact of Channel on Decisions. [hg(t) + w(t)]g(t)dt.

Breaking Through RF Clutter

Affordable Family Friendly Broadband Alternate FDD Proposal. July 3, 2008

Frequency-Hopped Spread-Spectrum

Simple Algorithm in (older) Selection Diversity. Receiver Diversity Can we Do Better? Receiver Diversity Optimization.

INTRODUCTION TO WIRELESS SENSOR NETWORKS. CHAPTER 3: RADIO COMMUNICATIONS Anna Förster

Keywords: Network Security, Wireless Communications, piggybacking, Encryption.

Pseudo-random Polarization Hopping ( PPH ) Technology Brief

Introduction to Wireless and Mobile Networking. Hung-Yu Wei g National Taiwan University

CROSS-LAYER DESIGN FOR QoS WIRELESS COMMUNICATIONS

Structure of the Lecture

Some Areas for PLC Improvement

Mobile Computing. Chapter 3: Medium Access Control

Politecnico di Milano Advanced Network Technologies Laboratory. Beyond Standard MAC Sublayer

Towards Optimal UFH-based Anti-jamming Wireless Communication

Spread Spectrum. Chapter 18. FHSS Frequency Hopping Spread Spectrum DSSS Direct Sequence Spread Spectrum DSSS using CDMA Code Division Multiple Access

Chapter 3 : Media Access. Mobile Communications. Collision avoidance, MACA

Coding aware routing in wireless networks with bandwidth guarantees. IEEEVTS Vehicular Technology Conference Proceedings. Copyright IEEE.

Transcription:

Wireless Network Security 14-814 Spring 2014 Patrick Tague Class #5 Jamming 2014 Patrick Tague 1

Travel to Pgh: Announcements I'll be on the other side of the camera on Feb 4 Let me know if you'd like to meet Feb to discuss project topics or anything else course related I'm available most of Monday Feb 3 and morning of Feb 4 Send me a few times that work for you 2014 Patrick Tague 2

Jamming the Party 2014 Patrick Tague 3

Jamming Conceptually, jamming is a physical layer denial-of-service attack that aims to prevent wireless communication between parties Alice Messages Mallory Interference Bob 2014 Patrick Tague 4

How Does Jamming Work? Sender Path Loss Interference Jamming + Noise Receiver Receiver can decode message if SINR τ Jamming decreases SINR, causes decoding failure and packet loss But, there are numerous ways to do this 2014 Patrick Tague 5

Generalized Jamming A jammer allocates energy/signal to diverse time, freq, etc. resources according to an attack strategy S Effect E(S) of the attack Cost C(S) of the attack Risk R(S) of being detected / punished Frequency With other metrics, an optimization emerges Time 2014 Patrick Tague 6

Jamming Strategies Time Domain time Link Traffic Pkt Pkt Pkt Pkt P Constant Random Periodic Reactive [Xu et al., 2006; Mpitziopoulos et al., 2009] 2014 Patrick Tague 7

Link Traffic Jamming Strategies Frequency Domain Ch. 1 Ch. 2 Ch. 3 Ch. k Broadband Single Ch. Single Sub-Ch. Multiple Sub-Ch. 2014 Patrick Tague 8

Jamming Attack Types Noise-based jamming (aka classical jamming ) Attacker raises the noise floor, causing low SNR for high BER/SER Signal-based jamming Attacker injects valid-looking signal to block others or occupy the channel/radio Packet-based jamming Attacker injects well-formed packets Protocol-based jamming Attacker leverages higher-layer protocol structure to improve attack in some way 2014 Patrick Tague 9

Common Misperceptions Jamming signals, like other wireless signals, reach/affect all receivers within a distance R Neither are circular, but they're sometimes modeled that way All receptions within jammer's range are blocked whenever the jammer is on Like typical communications, jamming success is not guaranteed Jamming strategies are static Nothing prevents a jammer from changing strategy, params, etc. in time or in response to network events 2014 Patrick Tague 10

How can we protect against jamming? 2014 Patrick Tague 11

Spread Spectrum Effect of narrow-band jamming is reduced due to wide-band signal expansion The same attack has less impact More attacker resources (bandwidth, power, or both) are required for the same impact More costly to get the same impact Easier to detect 2014 Patrick Tague 12

Overhead of Spread Spectrum Both FHSS and DSSS require synchronization using a shared secret If the jammer knows the secret, spread spectrum has no benefit Key management is required Previously unpaired devices may not be able to perform key mgmt steps while under attack 2014 Patrick Tague 13

What if I want to use spread spectrum to communicate with someone, but we don't yet share a key for sync? 2014 Patrick Tague 14

Secret key establishment in the presence of a jammer Dependency cycle Spread-spectrum (FHSS or DSSS) Shared secret key for synchronization How to break the cycle? Can we establish a shared key in the presence of a jammer without relying on a shared key? 2014 Patrick Tague 15

Uncoordinated Freq. Hopping [Strasser et al., S&P 2008] Basic idea of UFH: Sender hops randomly over a large set of channels Receiver hops randomly but more slowly Sender-receiver occasionally meet and exchange data Throughput is very low, but anti-jamming protection is equivalent to FHSS S: 12 2 3 23 5 65 8 32 14 7 19 52 11 41 58 8 62 t R: 1 5 36 11 28 t 2014 Patrick Tague 16

Key Agreement with UFH UFH can facilitate key agreement in the presence of jamming Need to exchange long key agreement message parts, e.g., for authenticated Diffie-Hellman protocol However, for anti-jamming protection, msg needs to be very short (~100s of bits), so key agreement msgs need to be highly fragmented Sender can transmit continual stream of msg fragments using UFH, receiver will eventually get all of them 2014 Patrick Tague 17

Fragmentation Threats Fragment jamming: Attacker can jam message fragments to try to prevent or delay key agreement Fragment insertion: Attacker can insert malicious message fragments generated using valid keys and/or reusing fragments Message modification: Attacker can attempt to flip message bits or replace fragments 2014 Patrick Tague 18

Linking Fragments Cryptographically link message fragments Instead of using a shared key for integrity checking, just use a simple hash function to link fragments to each other M := m S, sig(m S ) m i :=id i M i h i+1 h l := h(m 1 ), h i := h(m i+1 ) M 1 M 2 M 3 M l M 1 M 2 M l m 1 m 2 m l 2014 Patrick Tague 19

UFH Results Receiver gets a bunch of fragment links, some from a valid sender and some from attackers Full fragment cycles can be reconstructed into valid messages Any messages that fail signature verification, have an expired timestamp, or fail another check can be dropped Once a verifiable message is received, a key can be established for full-fledged spread spectrum or any other purpose 2014 Patrick Tague 20

But, there's a catch... Still need public keys validated by a CA 2014 Patrick Tague 21

Is spread spectrum enough? No. 2014 Patrick Tague 22

Why SS Isn't Enough Defeating jamming completely is impossible Mitigation instead of defense Make the attack more expensive Make the attack less effective Make the attack easier to detect Attacker can counter any mitigation strategy It's a cat and mouse game 2014 Patrick Tague 23

Ok, then how about detecting jamming attacks? 2014 Patrick Tague 24

Jamming Detection & Defense [Xu et al., IEEE Network 2006] Goal: detect and localize jamming attacks, then evade them or otherwise respond to them Challenge: distinguish between adversarial and natural behaviors (poor connectivity, battery depletion, congestion, node failure, etc.) Certain level of detection error is going to occur Appropriate for deployment in sensor networks Approach: coarse detection based on packet observation 2014 Patrick Tague 25

Basic Detection Statistics Received signal strength (RSSI) Jamming signal will affect RSSI measurements Very difficult to distinguish between jamming/natural Carrier sensing time Helps to detect jamming as MAC misbehavior Doesn't help for random or reactive cases Packet delivery ratio (PDR) Jamming significantly reduces PDR (to ~0) Robust to congestion, but other dynamics (node failure, outside comm range) also cause PDR 0 2014 Patrick Tague 26

Advanced Detection Combining multiple statistics in detection can help High PDR + High RSSI OK Low PDR + Low RSSI Poor connectivity Low PDR + High RSSI? Jamming attack 2014 Patrick Tague 27

Jammed Area Mapping Based on advanced detection technique, nodes can figure out when they are jammed At the boundary of the jammed area, nodes can get messages out to free nodes Free nodes can collaborate to perform boundary detection using location information 2014 Patrick Tague 28

Evading Jamming Nodes in the jammed region can evade the attack, either spectrally or spatially Spectral evasion => channel surfing to find open spectrum and talk with free nodes Spatial evasion => mobile retreat out of jammed area Need to compensate for mobile jammers ability to partition the network (see figure in paper) 2014 Patrick Tague 29

What about dynamic attack and defense strategies? 2014 Patrick Tague 30

Optimal Jamming & Detection [Li et al., Infocom 2007] Problem setup: each of the network and the jammer have control over random jamming and transmission probabilities Network parameter γ is probability each node will transmit in a time slot Attack parameter q is probability the jammer will transmit in a time slot Goal: choose γ* (resp. q*) to minimize (resp. maximize) detection delay + response time What does each player know about its opponent? 2014 Patrick Tague 31

Detection & Response Network nodes need time to collect and analyze information to make a detection decision e.g., use the Sequential Probability Ratio Test (SPRT) Relaying detection results to those who can take action also takes time, depending on: Deployment pattern/statistics Radio parameters (power, range, etc.) Effect of jamming on message relaying 2014 Patrick Tague 32

Opposing Optimizations Given information about the delay metrics, the opponents can both try to optimize: Attacker optimizes the jamming probability q to maximize the delay Defender optimizes the transmitting probability γ to minimize the delay If opponents don't know each others' parameters Attacker chooses q to max-min the delay Defender chooses γ to min-max the delay 2014 Patrick Tague 33

Adaptive Jamming [DeBruhl et al., MASS 2012] More generally, the attacker can observe the opponent and tweak a number of parameters to meet a specific goal 2014 Patrick Tague 34

10%-PDR Adaptive Jamming 2014 Patrick Tague 35

Jamming Games What if both the attacker and defender are freely adapting in response to each other? [DeBruhl & Tague, PMC 2014] 2014 Patrick Tague 36

Open Research Problems Since jamming introduces a seemingly eternal cat and mouse game, there's a lot of work to do Understanding / modeling / evaluating attacks Developing efficient / effective / practical mitigation strategies 2014 Patrick Tague 37

January 30: Physical Layer Security 2014 Patrick Tague 38

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback